Permission denied when executing binaries installed via python venv

When building 22.4 from source on Ubuntu 22.04, for ospd-openvas, notus-scanner and greenbone-feed-sync, I got permission denied when trying to execute the binaries with the gvm user. The only user that could execute them was the same user that ran the pip install in the venv. Tried with another normal non-root user and root. The only solution that worked was to run the whole venv and pip install as the gvm user.

Might have been something with my Ubuntu server environment, but I doubt it.

Just reporting this in case someone wants to try and reproduce or someone is stuck facing the same issue.

1 Like

When building and installing software from source, especially within a Python virtual environment (venv), file ownership and permissions are key factors that determine which users can execute the binaries.

A virtual environment in Python is a self-contained directory tree that contains a Python installation for a particular version of Python, plus a number of additional packages. When you create a virtual environment, you’re setting up a separate space for that Python project, with its own set of libraries and settings, isolated from other Python projects and from the system-wide Python installation. This would also separate them from the other non-Python-based Greenbone components.

The ability of a user to execute Python scripts within a virtual environment is governed by the user’s file system permissions. If a user has read and execute permissions on the Python executable within the virtual environment and the script itself, then that user can run the Python scripts. If the virtual environment was created by a different user (which you indicate is the case for your scenario) and the appropriate permissions are not set, then other users may not be able to execute the scripts within that venv.

Setting up the venv as the _gvm or gvm user would allow them to be accessed by that user. However, the Greenbone CE source code install instructions do not include creating virtual environments for these Python-based components. I don’t immediately see the benefit of trying to run them in a virtual environment. Feel free to elaborate on your rationale for doing so.

2 Likes
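A way to locate the path component that blocks a user such as gvm from running a venv entry point, added here as an example that is not part of the thread or of Greenbone's code. It assumes classic owner/group/other mode bits only (no ACLs), and the script path passed on the command line is whatever your venv uses.

```python
import os
import pwd
import sys
from pathlib import Path

def allowed(st, uid, gids, want):
    """Classic owner/group/other mode check (ignores ACLs and root's override)."""
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return bits & want == want

def blocking_components(target, uid, gids):
    """Return the parts of `target`'s path that stop `uid` from running it."""
    target = Path(target).resolve()
    # Every parent directory needs the search (x) bit for this user.
    blocked = [str(d) for d in reversed(target.parents)
               if not allowed(d.stat(), uid, gids, 0o1)]
    # The file itself needs read and execute.
    if not allowed(target.stat(), uid, gids, 0o5):
        blocked.append(str(target))
    return blocked

def entry_point_blockers(script, uid, gids):
    """Check a venv console script and the interpreter named in its shebang."""
    blocked = blocking_components(script, uid, gids)
    with open(script, "rb") as fh:
        first = fh.readline().decode(errors="replace").strip()
    if first.startswith("#!"):
        interpreter = first[2:].split()[0]
        blocked += [p for p in blocking_components(interpreter, uid, gids)
                    if p not in blocked]
    return blocked

if __name__ == "__main__":
    # Usage (as root or the venv owner): check.py gvm /path/to/venv/bin/ospd-openvas
    user, script = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    for path in entry_point_blockers(script, pw.pw_uid, gids):
        print(f"{user} is blocked at: {path}")
```

An empty result means the mode bits allow execution; a directory in the output (often a home directory or a venv created under a restrictive umask) is where access stops for that user.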